PREVENTING PRIVILEGE CREEP

E-Guide PREVENTING PRIVILEGE CREEP SearchSecurity

By Mike Cobb

The security principle of least privilege is the practice of limiting permissions to the minimal level that still allows users to perform their jobs; for example, an employee working in HR doesn't need, and shouldn't be granted, access to the company's customer database. Enforcing least privilege plays a key role in containing the damage a malicious or compromised user can cause. However, a serious mismatch between an individual's responsibilities and their privileges and access rights can open up after a change of role, a department reorganization or a merger. To stop this from undermining overall security, user accounts need to be audited regularly to ensure users aren't accumulating unnecessary permissions as their roles or responsibilities change. Without a robust audit process there is a real danger of privilege creep, where a user slowly acquires new privileges without having those from former roles removed.
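The audit the paragraph above calls for can be expressed as a comparison between what an account actually holds and what its current role entitles it to. The following Python is an added example, not code from the article or from any product it names; the role baseline, HR roster, permission strings and account records are all constructed, and the assumption is that you can export a list of effective permissions per account from your directory or IAM system and a list of current roles per user from the HR system of record.

```python
"""Privilege-creep audit: flag permissions an account holds beyond its
current role baseline, permissions it is missing, and accounts that no
longer correspond to anyone in the HR roster (leavers never deprovisioned).
Added example; all data below is constructed."""
from dataclasses import dataclass

# Entitlement baseline per job role, agreed with HR (constructed values).
ROLE_BASELINE = {
    "hr_analyst": {"hris:read", "hris:write", "payroll:read"},
    "sales_rep": {"crm:read", "crm:write", "quotes:create"},
    "dba": {"customer_db:read", "customer_db:write", "customer_db:admin"},
}


@dataclass(frozen=True)
class Account:
    user: str
    granted: frozenset  # permissions actually present in the directory / IAM system


def entitled(roles):
    """Union of the baseline for every role the user currently holds.
    A role with no baseline is an error, not an empty entitlement: silently
    treating it as empty would flag every grant as excess."""
    unknown = sorted(set(roles) - set(ROLE_BASELINE))
    if unknown:
        raise KeyError(f"roles without a baseline: {unknown}")
    return set().union(*(ROLE_BASELINE[r] for r in roles))


def audit(accounts, hr_roster):
    """hr_roster maps user -> list of current roles from the HR system of record.
    Returns {user: {"orphaned": bool, "excess": [...], "missing": [...]}}.
    'excess' is the privilege creep; 'orphaned' means HR no longer knows the user."""
    findings = {}
    for acct in accounts:
        if acct.user not in hr_roster:
            # Leaver whose account was never closed: every grant is excess.
            findings[acct.user] = {"orphaned": True, "excess": sorted(acct.granted), "missing": []}
            continue
        expected = entitled(hr_roster[acct.user])
        findings[acct.user] = {
            "orphaned": False,
            "excess": sorted(acct.granted - expected),   # held but not entitled
            "missing": sorted(expected - acct.granted),  # entitled but not held
        }
    return findings


# Constructed sample data: alice moved from sales to HR and kept her CRM
# grants; carol is under-provisioned; dave left but his account is still open.
HR_ROSTER = {"alice": ["hr_analyst"], "bob": ["dba"], "carol": ["sales_rep"]}
ACCOUNTS = [
    Account("alice", frozenset({"hris:read", "hris:write", "payroll:read",
                                "crm:read", "crm:write", "quotes:create"})),
    Account("bob", frozenset({"customer_db:read", "customer_db:write", "customer_db:admin"})),
    Account("carol", frozenset({"crm:read"})),
    Account("dave", frozenset({"customer_db:admin"})),
]


def creep_report():
    """Run the audit over the sample data."""
    return audit(ACCOUNTS, HR_ROSTER)


if __name__ == "__main__":
    for user, finding in creep_report().items():
        print(user, finding)
```

Run against a real export, the interesting output is the `excess` list for users whose role recently changed and any `orphaned` entry at all; the `missing` list is a usability signal rather than a security one, but it is worth reporting because it often reveals that the role baseline itself is stale.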

KEEPING PRIVILEGES ALIGNED

To prevent privilege creep and keep privileges aligned with each employee's tasks and responsibilities, an organization's employee lifecycle management policy has to include a robust, documented process. This process should cover the IT-related actions HR needs to complete when there are changes to personnel or personnel roles, one of which has to be notifying the administrators so that assigned roles and privileges can be updated and redundant accounts closed. Trying to manage a large number of users' privileges by hand, though, is time-consuming and resource-draining and will lead to mistakes and oversights. Investment in a privileged account security product that manages and monitors privileged users, sessions and applications is far cheaper than dealing with the security incidents and data breaches that follow when privileges are misassigned or abused. These products can also scale as the organization grows or moves into the cloud. Conjur's Secrets Management System, for example, can monitor, manage and audit identities and permissions across a wide range of IT infrastructures; the same is true of Centrify's Server Suite, which centralizes the creation and granting of role-based privileges across Windows, Linux and UNIX systems. Vendors such as Okta offer identity and access management as a service, which can make authenticating and managing users in the cloud a lot simpler and less prone to oversights because the service integrates with existing HR systems. Enterprises that use Amazon Web Services should take advantage of the IAM credential report, which lists every user in an account and the status of their credentials, including passwords, access keys and multifactor authentication devices.

AUDITS ALWAYS REQUIRED

Even with automated role-assignment technologies, privilege creep can still occur during periods of high staff turnover, when legacy applications are upgraded or replaced, and when new applications or services are rolled out. This means account monitoring and regular audits are essential to find and correct misassigned privileges so that user accounts and privileges match HR's job descriptions. Role-based privileges should be routinely reviewed to ensure the associated privileges are still relevant and required; this should certainly be carried out after any restructuring within an organization. Remember, too, that the sensitivity of data held in different servers and databases can change over time, so access privileges will need to be realigned accordingly.
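The AWS credential report mentioned above is a CSV, so the routine audit it feeds can be scripted. The following Python is an added example, not code from the article or from AWS; the report text is constructed but follows the real report's column names and value conventions (`true`/`false`, ISO 8601 timestamps, and `N/A`, `no_information` or `not_supported` where a field does not apply; the real report also carries `cert_1_*`/`cert_2_*` columns that this code ignores). A live report is obtained with `aws iam generate-credential-report` followed by `aws iam get-credential-report --query Content --output text | base64 -d`. The 90-day thresholds and the fixed as-of date are assumptions chosen to make the run repeatable.

```python
"""Audit an AWS IAM credential report for credential-hygiene findings:
console users without MFA, access keys overdue for rotation, access keys
idle for too long, and any active access key on the root user.
Added example; the sample report below is constructed."""
import csv
import io
from datetime import datetime, timedelta, timezone

AS_OF = datetime(2017, 9, 1, tzinfo=timezone.utc)  # fixed "now" so the run is repeatable
MAX_KEY_AGE = timedelta(days=90)                   # assumed rotation policy
MAX_IDLE = timedelta(days=90)                      # assumed unused-key threshold

# Constructed sample in the real report's layout (cert_* columns omitted).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::123456789012:root,2015-01-10T08:00:00+00:00,not_supported,2017-08-30T09:00:00+00:00,not_supported,not_supported,true,true,2015-01-10T08:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2016-03-01T12:00:00+00:00,true,2017-08-29T11:00:00+00:00,2017-07-01T12:00:00+00:00,2017-09-29T12:00:00+00:00,true,true,2017-08-01T12:00:00+00:00,2017-08-31T10:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2016-03-01T12:00:00+00:00,true,2017-08-20T00:00:00+00:00,2016-03-01T12:00:00+00:00,N/A,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2016-06-15T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2016-06-15T00:00:00+00:00,2017-02-01T00:00:00+00:00,us-west-2,ec2,true,2017-08-15T00:00:00+00:00,N/A,N/A,N/A
"""


def parse_ts(value):
    """Report timestamps are ISO 8601 with offset; the placeholder strings mean 'none'."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(csv_text, as_of=AS_OF):
    """Return a list of (user, finding) tuples for every problem found."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        # Console password without MFA. Root shows password_enabled=not_supported,
        # so it is excluded here; root MFA should be checked via mfa_active directly.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password enabled without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if user == "<root_account>":
                findings.append((user, f"root access key {n} is active"))
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            # A key that has never been used counts as idle since it was created.
            last_used = parse_ts(row[f"access_key_{n}_last_used_date"]) or rotated
            if rotated is not None and as_of - rotated > MAX_KEY_AGE:
                findings.append((user, f"access key {n} not rotated for {(as_of - rotated).days} days"))
            if last_used is not None and as_of - last_used > MAX_IDLE:
                findings.append((user, f"access key {n} unused for {(as_of - last_used).days} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

In the sample, `alice` is clean, `bob` is a console user without MFA, `deploy-bot` has one key that is both overdue for rotation and idle while its freshly created second key is fine, and the root user is flagged for having any active access key at all. Feed the decoded live report in place of `SAMPLE_REPORT` and fold the output into the periodic access review rather than treating it as a one-off.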

Staying on top of trusted users and their privileges is not one of IT security's most glamorous tasks, but it plays a significant role in improving the security of an organization's network and cloud environments by reducing the occurrence of misassigned privileges and their misuse.

MICHAEL COBB, CISSP-ISSAP, is a renowned security author with over 20 years of experience in the IT industry. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. He has also been a Microsoft Certified Database Manager and a registered consultant with the CESG Listed Advisor Scheme (CLAS). Cobb has a passion for making IT security best practices easier to understand and achievable. His website www.hairyitdog.com offers free security posters to raise employee awareness of the importance of safeguarding company and client data and of following good practices.
